Cisco Switching/Routing :: SRP547w - Allow Traffic On Port 25 From External IP Filter?
Nov 16, 2011Can the SRP547W be configured to allow traffic on port 25 from an external ip range to an internal address?
View 0 Replies
ADVERTISEMENT
Cisco Switching/Routing :: C2960G / C3750 - Any Way To Filter (on Ingress Port) Type Of Traffic
Jun 22, 2012I have couple C2960G and C3750. Is there any way to filter (on ingress port) type of traffic? I would like to allow IP only, and discard (i.e.) IPX, or other garbage, that any device can produce.I have tried to find something about this, but only thing I have found is feature : protocol filter, which doesn't seems to be working on my hardware.
View 6 Replies View RelatedCisco Switching/Routing :: 6500 / How To Filter IPX Traffic
Feb 23, 2013We have a lot of IPX traffic flowing through a switched network and we are being asked to filter it from a network standpoint. At one point they were using IPX in their network, but no longer need to, so they still have a lot of machines spewing out IPX traffic. We have removed the IPX routing commands from our distribution switches, (Cisco 6500), but after running a short 10 minute Wireshark capture I'm still getting a good bit of IPX traffic from a lot of different devices.
View 2 Replies View RelatedCisco Switching/Routing :: ASA 5585 - Filter Traffic Between Vlans?
Apr 9, 2013I have a ASA 5585 and a Nexus 5596, and i need a sugestion to configure this cenário:
My users in the Vlan 10 need access on the network in the Vlan 20, but this traffic must be filtered for firewall. In the firewall a received a trunk port for Nexus 5596, and i created subinterfaces to receive the Vlans for this trunk.
The gateway for my users is the address for the ASA subinterfaces.
What i do to filter the traffic between the Vlans?
Cisco Switching/Routing :: Filter IP Traffic By MAC Address On Catalyst 4500?
Dec 19, 2012We want to filter IP traffic by MAC address on Catalyst 4500. Since we are using bonding (active-backup mode) we need those mac addresses appear on different ports. Below are solutions that we have tried: ACL but it does not work since mac acls only match non ip traffic (We CAN NOT use ip acl). Use a static mac address-table entry to ALLOW specific mac addresses. It does not work either since the same MAC address needs to be seen on a different port. Catalyst 4500 does not support auto-learn option (as e.g. Nexus 5000).
View 3 Replies View RelatedCisco Switching/Routing :: Sonic Wall 3060 - Filter Traffic From VLAN Through ASA?
Dec 18, 2011I'm decommissioning my SonicWall PRO 3060 and upgrading to an ASA5550 (we're increasing our WAN link speed to 1Gig and need the 5550). In any case, I want to copy over the configuration from the PRO to the ASA. I have everything documented and I've started doing the changeover, but in looking at some other network diagrams on the net I'm seeing router symbols between the LAN switches and the ASA and I'm beginning to worry that I might need routers to do this which, of course, would increase cost quite a bit.
So my question is this: If I have a core switch carved into multiple VLANs and I connect each VLAN to a port on the ASA, will I be able to route and filter traffic from VLAN to VLAN through the ASA? If so how, in general, is this accomplished (I'm betting ACLs). I think that the ASA will be able to do this easily, but I just want to be sure before I get too far into the configuration of this unit,.
ASA
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
GigE0/0 GigE0/1 GigE0/2 GigE0/3 GigE1/0 GigE1/1 GigE1/2 GigE1/3
| | | | | | | |
| | | | | | | |
WAN BackupWAN VLAN400 VLAN500 VLAN600 VLAN700
Cisco Switching/Routing :: 3750 Populate All Switch Port With 100 Filter List
Oct 27, 2011If i fully populate all switch port (Cisco 3750 series) with 100 filter list on each port is it recommendable.
View 4 Replies View RelatedCisco Switching/Routing :: C6500 Filter ARP Answer On 802.1q Port For Specific VLan
Oct 10, 2012I am trying to filter ARP answer arriving on a C6500 trunk port, for a specific vlan.Filtering conditions are:
- packet arrive from vlan ID x on the trunk (on only for this vlan ID)
- source MAC address = xx:xx:xx:xx:xx:xx
Thae aim is that the C6500 with never enter into its CAM table this MAC address.I looked at several methos like service policy or vlan filter, but no solution for the moment.
How Does Firewall Block Or Filter Traffic On Specific Port Or IP Address
Nov 15, 2011How does a firewall block or filter traffic on a specific port or IP address?
View 1 Replies View RelatedCisco Switching/Routing :: 861 - External IP Redirection (Port 80)
Mar 5, 2013I have a little problem with a redirection. When I type my external ip, I am directly connected to my Cisco 861 ( through port 80 (HTTP))
Even if I do a factory default, I always have the same problem. I try to make another redirection on another internal ip , but always same problem...
Cisco Switching/Routing :: 3825 ISR - Traffic Route From Switch Port To Router Port
Jun 5, 2013I'm fairly new to Cisco products am in the process of developing my network knowledge on a deeper level. I have a 3825 with a HWIC-4ESW and I'm struggling to fully understand how the two "see" each other. I've setup a V LAN with a layer 3 address on the HWIC and added the switch ports to it. This seemed to allow devices connected to the switch ports to talk to the built-in router ports. I thought this was all making sense until i applied an access-list to the router port. It's a simple ACL i'm just using for testing and the only thing it does is blocks telnet from anywhere. I know the ACL is setup properly because if I connect a device directly to the router port i cannot telnet to the port. However, if i connect a device to one of the switch ports, i am able to telnet to the router port successfully.
It seems that I'm missing something with how traffic flows from the switch port to the router ports and how the two "see" each other.
Cisco Routers :: SRP547W - Can't Ping External Side Of ADSL Interface
Mar 2, 2013I have installed a couple of SRP547W's and can't ping the external side of the ADSL interface.
Is there an option to turn on "respond to ping" and also are you able to forward to a internal IP?
Linksys Cable / DSL :: WAG320N Restrict External Port Traffic
Jul 9, 2011I have recently purchased a Linksys WAG320N (firmware V1.00.12) to replace my old ZyXEL P-660H-D1.I've managed to set it up roughly the same in terms of the ports I want open and port forwarding, with one exception: I can enable a port to be forwarded to an IP address on my network, but I can't find anywhere to set it so that the port is only allowed from a specific IP address outside of the network, e.g.
Accept port [some number] from [some Internet address] into 192.168.1.2 but reject attempts from others.I thought it might be in Access Restrictions but that only covers internal IP addresses.
Cisco Firewall :: ASA5505 Can't Port Forward Traffic From Two External IP Addresses
Dec 30, 2012I am a total Cisco novice who has just had a ASA5505 installed to replace a linux freeware firewall (smoothwall).I'm told that the 5505 can't port forward traffic (e.g. ssh) from two external IP addresses to two internal destination machines via the same port # (22 in this example).
View 9 Replies View RelatedCisco WAN :: 2600 - Redirect Web Traffic To External Proxy In Specific Port?
Jan 18, 2010I want to redirect internal web traffic (browsing) to an external web server for Web, Virus and Spyware filtering. Those externals proxies are running in 8080 port. I have one ASA firewall and a Cisco 2600 router. I was thinking in doing PBR in the router but in the next hop I can only set one IP, not an IP and a port. So how can I redirect web traffic to an external proxy listening in 8080 port?
View 11 Replies View RelatedCisco Switching/Routing :: VTP Traffic Not Seen On SPAN Port On 3750
Dec 12, 2011Been dealing with a strange problem for several days now. It started out with a problem that I thought was VTP related but ended up being something else. I setup a span port on a 3750 that I am connected to that was mirroring the trunk connection coming into the switch.
Never saw an VTP traffic come across the connection but doing a sh vtp status indicated the traffic was arriving and getting processed. When I found some debug commands (debug sw-lan vtp), I was also able to see the packets go between switches. Seeing this issue concerns me that there is other traffic that isnt showing up during a span session.
I know that doing a span on a switch, especially using a trunk port as a source, isnt a good idea. Since I didnt have a TAP at time, this was my only choice. I have since borrowed a NetOptics TP-CU3 tap from a good friend and was able to confirm the VTP traffic was going across the trunk connection between switches.
All of my 3750's are running 12.2.55.SE.
Cisco Switching/Routing :: 3550 - Redirecting Port 80 Traffic?
Dec 12, 2011How do I redirect my port 80 traffic to my Trend Micro IWSVA in my 3550 switch? How do I use PBR? Can I use WCCP in my 3550?
View 3 Replies View RelatedCisco Switching/Routing :: ASA 5505 Dropping Port 443 Traffic?
May 10, 2012Networking is not my gig, but it has to be at this very moment. We have an ASA 5505. Let me explain what's going on.
On Tuesday I wanted to be able to use the ASDM since there is less room for error. But we only had a console set up. So I ran the following commands...
in ($config)
http of course didn't do anything incomplete command
http 192.168.1.2 255.255.255.255 didn't anything incomplete command
http 192.168.200.254 255.255.255.255 inside
[Code]....
Everything started working after that. Everything worked fine all of wednesday and thursday. Then this morning it stopped processing again. When I traceroute it gets to the machine that is hooked up to the console and stops. So I'm guessing its actually getting to the ASA router and being swallowed up again...
Cisco Switching/Routing :: 4510 - Command To See If Port Was Ever Up And Passed Traffic
Apr 24, 2012I am looking to find a command or counter to tell me if a cisco switch port on a 4510 was ever up and passed traffic. I want to shutdown all unused switchports on our access switches. But before I do that I need to make sure device is just not off or the person is away on vacation. If I do sh int interface, is there a counter I can reference.
View 4 Replies View RelatedCisco Switching/Routing :: 3750 - How To Isolate Fiber Port Traffic
Jun 18, 2012We would like to setup a link to our DR site that is separate from our main network traffic. This link will be used by an EMC VNX SAN for replication traffic. The SAN will be plugged into a fiber port on a 3750 switch and going out from the same switch (going in as multimode, going out as single mode) into a patch panel that runs over to the DR site (about a mile away). At the DR site it will go from the fiber panel into another 3750 switch which ends up going back out of that switch into our DR SAN.
I'm wondering what the best way would be to configure the fiber ports to accomplish this. I'm affraid that the replication traffic will find it's way over through another route and congest our main network unless configured appropriately.
Cisco Switching/Routing :: C2960S / Prevent Traffic Per Port Or Inside VLan
Nov 27, 2012I want to know what is the best way to black traffic inside the same VLAN, this VLAN is a user VLAN, it means that I am talking about access layer.I wanted to use private vlan, but C2960S doesn't support this feature. Any other way to prevent any to any traffic in the user vlan, this vlan only have to speak at the Layer 3.
View 2 Replies View RelatedCisco Switching/Routing :: How To Limit Broadcast Traffic On 3560 Switch Port
Dec 17, 2012How do I limit broadcast/mulitcast traffic on a switchport to e.g. 5000 pps ? I don't want the port to shut down, just block or drop broadcast traffic that exceeds 5000 pps.
View 19 Replies View RelatedCisco Switching/Routing :: Unexpected Traffic On Nexus 5000 Trunk Port?
Feb 6, 2013So I took a laptop with wireshark and plugged it into a nexus 5000 port that is configured as a trunk with 3 vlans allowed on it. The laptop was seeing all kinds of traffic on the wire, most of it was not involving my laptop.
For example: Server A VLAN 10= 10.10.10.1 Server B VLAN 20= 10.20.20.1 and wireshark laptop is plugged into a trunk port which is allowing those vlan's. The vlan's are routable.
10.10.10.3 is seeing the entire conversation when 10.10.10.1 backs up 10.20.20.1 even though it has no reason to see it. It is as if the trunk is spanning traffic to the laptop port. No span is setup however. It's really weird. This is not just broadcast traffic, but actual tcp taffic between Server A and B. Why would a trunk port see traffic between 2 other servers talking to each other on the vlan.
Trunk port configuration below:
Interface Ethernet 141/1/3
switchport mode trunk
switchport trunk allowed vlan 10, 20
Cisco Switching/Routing :: 3524XL Cannot Access Any Traffic From Gigabit Port Over Fiber
Nov 20, 2011We have Cisco 3524XL switch, Motorola AXS1800 chassis. I am configuring this cisco switch so I can connect AXS1800 traffic thru cisco 3524XL, on switch port gigabit 0/1, I am using cisco Part no. WS-G5486 (1000Base-LX) connector to connect to AXS1800, both port are member of vlan 200 allowed, and configured dhcp-server 192.168.0.1, but still I can't ping any host or host can't get DHCP server.
View 2 Replies View RelatedCisco Switching/Routing :: 3750E - Sequestering Traffic On A Router-enabled Port
Nov 20, 2011Is there a way to use the "no switchport command to enable routing on a port and yet sequester it from traffic on other vlans within the switch?
The switch in question is a 3750E
Cisco Switching/Routing :: 3524XL Can't Access Any Traffic From Gigabit 0/1 Port Over Fiber
Dec 26, 2011We have Cisco 3524XL switch, Motorola AXS1800 chassis. I am configuring this Cisco switch so I can connect AXS1800 traffic thru Cisco 3524XL, on switch port gigabit 0/1, I am using Cisco Part no. WS-G5486 (1000Base-LX) connector to connect to AXS1800, both port are member of v lan 200 allowed, and configured dhcp-server 192.168.0.1, but still I can't ping any host or host can't get DHCP server. I have attached my config file for your review.
View 25 Replies View RelatedCisco Switching/Routing :: 6509 - Block All FTP Traffic On Port 21 From Servers In Network
Oct 3, 2012I am attempting to block all FTP traffic on port 21 from the servers in my network, and only allow FTP from one server to go out.
I have created the following ACL
access-list 101 Permit ip any any
access-list 101 Permit 21 1.1.1.1 0.0.0.0 any
access-list 101 Deny 21 any any
and have applied it to my truck VPN that goes up to my firewall
int Vlanxxx
ip access-group 101 out
But when i test ftp is still allowed by all servers.
Cisco Switching/Routing :: Limiting Outgoing Traffic On Single L2 Port On Nexus 7000 1GB
Aug 4, 2012I am trying to limit the incoming and outgoing traffic on a l2 port to 8mbps for a ip subnet within the nexus 7000. The port is connected to my ISP router which has a bandwidth of 20mbps.Policing won't work on a l2 Port and shaping cannot be applied on a port level. url...I have been reading thru the qos guide for nexus release v6 and have problems understanding the different queues.
View 3 Replies View RelatedCisco Switching/Routing :: How To Setup Traffic Shaping On 4500X Outbound Port To WAN Routers
Mar 26, 2013We have some ASR WAN routers which have a dedicated 400M interface to a remote site.
Servers on our Local network source the data through some firewalls via 10G interfaces, which connects to 4500X WAN switches then to the Routers on 1G links.
The sources are rate limiting the traffic but the routers are periodically dropping packets which I think is mostly due to burstiness in the traffic between as it traverses through from 10G links to 1G then to 400M.
How to setup traffic shaping on the 4500X outbound port to our WAN routers.I'd like to see if we could buffer and smoothe out the traffic as it exits the 4500X WAN switch 1G port to the WAN Routers.
Cisco Switching/Routing :: 1433 - Span Port Configuration To Listen To Specific Traffic Only?
Nov 2, 2011Is it possible to configure the span(switch port analyzer) port and restrict it to only listen to ingress and egress of TCP/1433 from the source port?
View 2 Replies View RelatedCisco Switching/Routing :: SG300-10 See All Traffic From All Connected Devices On Any Port / Where To Connect Listening Device
Dec 20, 2012In my LAN environment, I'm using two cisco SG300-10 switches. Both switches are connected by GE10 on both switches, where both ports are set to trunk.Now on all ports 1-9 on both switches, I'm having client computers attached. So I set ports 1-9 to "access" mode.All interfaces on any switch is left in default vlan.
Is it normal that I see all traffic from all connected devices on any port where I connect a listening device?What I'd like to achieve is, that only traffic that is meant for a specific workstation is actually forwarded to this workstation. By now it seems that I get all the traffic from everybody.
Cisco Switching/Routing :: 5520 Configure Traffic Flow Between Computers Inside VLANs And Routed Port
Jul 7, 2012How to configure traffic flow between computers inside VLANs and a routed port? Here is the setup details:
1. Switch 3750-X
2. VLAN 100 - ( SVI IP address 192.168.100.1 /24)
3. VLAN 200 - ( SVI IP address 192.168.200.1 /24)
4. routed port gi1/0/48 (IP address 192.168.150.1 /24). Note: this port is directly connected to a firewall ASA 5520 port IP 192.168.150.100 /24
Ip routing is enabled on the switch and inter vlan traffic is flowing ok. I can ping the routed port gi1/0/48 from any computer connected in the VLAN 100 or 200. For example computer with IP 192.168.100.25 can ping the routed port 192.168.150.1. Switch can ping firewall port 192.168.150.100 and the 'sh ip route' command shows the network 192.168.150.0 /24 as directly connected network.
any computer in the two VLANs CANNOT ping firewall ASA port 192.168.150.100 Is it because inter VLAN routing does not work with a routed port on L3 switch? I looked up fallback bridging, but it is meant for non IP traffic.The goal is I am trying to set the ASA port as an internet gateway for VLANs.
Cisco Routers :: SRP547W - How To Use Multiple WAN IPs For Port Forwarding
Sep 10, 2011We've run into some difficulty trying to take advantage of multiple WAN IPs in conjunction with the SRP547
What we're trying to acheive is the ability to port forward from our distinct public IPs to different internal servers. Looking at the options under Port Forwarding it looks like we can only configure forwards at the "WAN interface" level, but our problem is that we can't work out how to set up separate interfaces for each of our Public IPs...
Our ISP provides us with a fully managed NTU/router with a single "Internet" ethernet port, which we can use by statically configuring IPs on our end. For this configuration this port has been directly patched to the WAN ethernet port on the SRP547W.
We have been allocated a 255.255.255.248 (/29) subnet, giving us 5 usable IPs after the ISP's gateway address is taken into account, like so:
a.b.c.208 Network Address (/29 subnet)
a.b.c.209 ISP Gateway
a.b.c.210 IP1
[Code].....
I should mention at this point that we're running on firmware version 1.02.01 (023).
Is there a CLI or other method of configuration that might work if the web interface won't?
